Format Boy makes a living teaching Yahoo Boys, notorious West African scammers, how to use AI and deepfake technology to ensnare their next victims.
Analysis Summary
# Threat Actor: Yahoo Boys
## Attribution & Identity
The group analyzed is the "Yahoo Boys," notorious West African fraudsters, often based in **Nigeria**. They are described as agile and skillful social engineers. The article also highlights an unofficial advisor/instructor figure known as **"Format Boy,"** who teaches them modern techniques via platforms like YouTube and Telegram. Format Boy does not reveal his real name or face and does not self-identify with the Yahoo Boys collective.
## Activity Summary
The Yahoo Boys focus on orchestrating high-paying online scams against wealthy foreigners, particularly Americans. Their operations often involve building elaborate, long-term relationships (weeks or months) with victims, whom they call "clients," before extracting money. A significant recent development involves leveraging AI and deepfake technology to enhance their cons, including creating fake CNN broadcasts with AI-generated newscasters to facilitate blackmail operations.
## Tactics, Techniques & Procedures
- **Social Engineering:** Building elaborate, long-term relationships with victims to gain trust before extracting money.
- **Mass Outreach:** "Bombing," which involves messaging hundreds of online accounts to initiate scams.
- **Deepfake/AI Utilization:** Using face-swapping and deepfake technology to generate highly deceptive content, such as fake news broadcasts featuring AI avatars.
## Targeting
- Sectors: Not explicitly defined, but targets are wealthy individuals.
- Geography: Victims are often in the **US, UK, and elsewhere**.
- Victims: Wealthy foreigners, with millions lost in recent years. The scams have also led to reports of teenage boys taking their own lives after being sextorted/blackmailed.
## Tools & Infrastructure
- **Teaching Platform:** YouTube, Telegram, Instagram (used by Format Boy to distribute training).
- **Scam Tools:** AI/Deepfake technology for creating persuasive, deceptive content (e.g., fake CNN reports).
- **Internal Terminology:** Specialized slang, such as calling victims "clients" and referring to initiating contact as "bombing."
## Implications
The integration of **AI and deepfake technology** by this group significantly raises the sophistication and credibility of their social engineering efforts, moving beyond traditional romance or investment scams into complex impersonation and blackmail schemes supported by fabricated media evidence. This evolution poses an increased financial and psychological risk to potential victims globally.
## Mitigations
- Be aware of scams that involve long-term relationship building.
- Exercise extreme caution regarding unsolicited contact received via social media or messaging platforms.
- **Verify the authenticity** of compromising or high-stakes media (like news reports) used in blackmail or sextortion attempts, especially if the source seems suspicious or the media shows known deepfake indicators.